lockfile: Allow omitting the digest

When manually writing lockfile overrides (see previous commit), it's sometimes easier to not have to specify the SHA256 of the package. For example, in FCOS, all packages on development and production streams will be sourced uniquely from coreos-pool, so there's no question of where the package will come from. It's of course also easier in the context of local development. Another motivation for this though is a subtle interaction between Fedora infra and the way we'd like to implement lockfile management: we want the override process to be PR-based, with a privileged bot in the backend tagging new overrides into the pool as necessary on merge. However, packages built in Koji are initially unsigned, and so we can't actually *know* what the SHA256 of the package will be until it's signed and tagged into the pool by the bot. Closes: #1867 Approved by: cgwalters
2019-07-10 09:52:54 -04:00 · 2019-07-10 09:52:54 -04:00 · 68432e461c
commit 68432e461c
parent 1b43ad04be
3 changed files with 40 additions and 7 deletions
--- a/rust/src/lockfile.rs
+++ b/rust/src/lockfile.rs
@ -99,7 +99,8 @@ struct LockfileConfig {
 #[derive(Serialize, Deserialize, Debug)]
 struct LockedPackage {
    evra: String,
-    digest: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    digest: Option<String>,
 }

 impl LockfileConfig {
@ -218,7 +219,7 @@ mod ffi {
                let map = lockfile.packages
                    .into_iter()
                    .fold(HashMap::<String, String>::new(), |mut acc, (k, v)| {
-                        acc.insert(format!("{}-{}", k, v.evra), v.digest);
+                        acc.insert(format!("{}-{}", k, v.evra), v.digest.unwrap_or("".into()));
                        acc
                    }
                );
@ -253,7 +254,7 @@ mod ffi {

            lockfile.packages.insert(name, LockedPackage {
                evra: format!("{}.{}", evr, arch),
-                digest: ffi_new_string(chksum),
+                digest: Some(ffi_new_string(chksum)),
            });

            // forgive me for this sin... need to oxidize chksum_repr()
--- a/src/libpriv/rpmostree-core.c
+++ b/src/libpriv/rpmostree-core.c
@ -1866,7 +1866,7 @@ check_locked_pkgs (RpmOstreeContext *self,
      DnfPackage *pkg = packages->pdata[i];
      const char *nevra = dnf_package_get_nevra (pkg);
      const char *chksum = g_hash_table_lookup (self->vlockmap, nevra);
-      if (!chksum)
+      if (!chksum || !*chksum)
        continue;

      g_autofree char *repodata_chksum = NULL;
--- a/tests/compose-tests/test-lockfile.sh
+++ b/tests/compose-tests/test-lockfile.sh
@ -9,31 +9,63 @@ prepare_compose_test "lockfile"
 pyappendjsonmember "repos" '["test-repo"]'
 build_rpm test-pkg-common
 build_rpm test-pkg requires test-pkg-common
+build_rpm another-test-pkg
 # The test suite writes to pwd, but we need repos in composedata
 # Also we need to disable gpgcheck
 echo gpgcheck=0 >> yumrepo.repo
 ln yumrepo.repo composedata/test-repo.repo
-pyappendjsonmember "packages" '["test-pkg"]'
+pyappendjsonmember "packages" '["test-pkg", "another-test-pkg"]'
 pysetjsonmember "documentation" 'False'
 mkdir cache
 # Create lockfile
 runcompose --ex-write-lockfile-to=$PWD/versions.lock --cachedir $(pwd)/cache
 rpm-ostree --repo=${repobuild} db list ${treeref} > test-pkg-list.txt
 assert_file_has_content test-pkg-list.txt 'test-pkg-1.0-1.x86_64'
+assert_file_has_content test-pkg-list.txt 'another-test-pkg-1.0-1.x86_64'
 echo "ok compose"

 assert_has_file "versions.lock"
 assert_jq versions.lock \
  '.packages["test-pkg"].evra = "1.0-1.x86_64"' \
-  '.packages["test-pkg-common"].evra = "1.0-1.x86_64"'
+  '.packages["test-pkg-common"].evra = "1.0-1.x86_64"' \
+  '.packages["another-test-pkg"].evra = "1.0-1.x86_64"'
 echo "ok lockfile created"
 # Read lockfile back
 build_rpm test-pkg-common version 2.0
 build_rpm test-pkg version 2.0 requires test-pkg-common
+build_rpm another-test-pkg version 2.0
 runcompose --ex-lockfile=$PWD/versions.lock --cachedir $(pwd)/cache
 echo "ok compose with lockfile"

 rpm-ostree --repo=${repobuild} db list ${treeref} > test-pkg-list.txt
 assert_file_has_content test-pkg-list.txt 'test-pkg-1.0-1.x86_64'
 assert_file_has_content test-pkg-list.txt 'test-pkg-common-1.0-1.x86_64'
-echo "lockfile read"
+assert_file_has_content test-pkg-list.txt 'another-test-pkg-1.0-1.x86_64'
+echo "ok lockfile read"
+
+# now add an override and check that not specifying a digest is allowed
+cat > override.lock <<EOF
+{
+  "packages": {
+    "another-test-pkg": {
+      "evra": "2.0-1.x86_64"
+    }
+  }
+}
+EOF
+
+runcompose --dry-run \
+  --ex-lockfile=$PWD/versions.lock \
+  --ex-lockfile=$PWD/override.lock \
+  --ex-write-lockfile-to=$PWD/versions.lock \
+  --cachedir $(pwd)/cache |& tee out.txt
+echo "ok compose with lockfile"
+
+assert_file_has_content out.txt 'test-pkg-1.0-1.x86_64'
+assert_file_has_content out.txt 'test-pkg-common-1.0-1.x86_64'
+assert_file_has_content out.txt 'another-test-pkg-2.0-1.x86_64'
+assert_jq versions.lock \
+  '.packages["test-pkg"].evra = "1.0-1.x86_64"' \
+  '.packages["test-pkg-common"].evra = "1.0-1.x86_64"' \
+  '.packages["another-test-pkg"].evra = "2.0-1.x86_64"'
+echo "ok override"